From 13e8ac42cab7c169f5d115286314f17e8f814f71 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 26 Jun 2020 14:07:56 +0200
Subject: Make scoped affiliation attribute name configurable

---
 shib/api.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'shib')

diff --git a/shib/api.php b/shib/api.php
index 2c80f37..533ae78 100644
--- a/shib/api.php
+++ b/shib/api.php
@@ -37,9 +37,9 @@ if (empty($_SERVER['persistent-id'])) {
 	// Figure out role
 	if (strpos(";{$_SERVER['entitlement']};", CONFIG_ENTITLEMENT) !== false) {
 		$role = 'TUTOR';
-	} else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false
-			|| strpos(";{$_SERVER['affiliation']};", ';staff@') !== false
-			|| strpos(";{$_SERVER['affiliation']};", ';faculty@') !== false) {
+	} else if (strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';employee@') !== false
+			|| strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';staff@') !== false
+			|| strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';faculty@') !== false) {
 		$role = 'TUTOR';
 	} else {
 		file_put_contents('/tmp/shib-student-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
@@ -49,7 +49,7 @@ if (empty($_SERVER['persistent-id'])) {
 			'status' => 'error',
 			'error' => "Sie wurden als Student eingestuft und können sich daher nicht an der " . CONFIG_SUITE . "-Suite anmelden."
 				. "\nFalls Ihr Nutzerkonto kein Studentenkonto ist stellen Sie sicher, dass Ihr IdP für berechtigte"
-				. "\nAccounts entweder das " . CONFIG_SUITE . "-Entitlement ausliefert, oder das Attribut 'affiliation'"
+				. "\nAccounts entweder das " . CONFIG_SUITE . "-Entitlement ausliefert, oder das Attribut CONFIG_SCOPED_AFFILIATION"
 				. "\nausgeliefert wird, und es entweder 'employee@..', 'staff@..' oder 'faculty@..' enthält."
 				. "\n\nMehr Informationen finden Sie unter " . CONFIG_HELPURL
 		);
@@ -82,8 +82,8 @@ if (empty($_SERVER['persistent-id'])) {
 					}
 				}
 			}
-			if (!isset($response['organizationId']) && isset($_SERVER['affiliation'])) {
-				if (preg_match('/(^|;)[^@]+@([^;]+)/', $_SERVER['affiliation'], $out)) {
+			if (!isset($response['organizationId']) && isset($_SERVER[CONFIG_SCOPED_AFFILIATION])) {
+				if (preg_match('/(^|;)[^@]+@([^;]+)/', $_SERVER[CONFIG_SCOPED_AFFILIATION], $out)) {
 					$out = Database::queryFirst("SELECT organizationid FROM organization_suffix WHERE suffix = :suffix", array(
 						'suffix' => $out[2]
 					));
-- 
cgit v1.2.3-55-g7522